Privacy Policy

Last Updated: March 2026

Tango Tree Labs LLP ("Tango Tree Labs," "we,"  "us," or "our") operates the DrSoma application and related services (collectively, the "Services" ).

This Privacy Policy describes the information we collect when you interact with us through our mobile applications, websites (including www.drsoma.app), and other online services (collectively, the "Services"), how we use and protect that information, and how we disclose that information. This policy also provides important information about how to exercise your rights under the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK-GDPR), India's Digital Personal Data Protection Act (DPDPA), and other applicable laws.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not accept our policies and practices, do not use the Services. This policy is incorporated into and made a part of our Terms of Use (https://www.drsoma.app/terms). By using the Services, you consent to our use, processing, and sharing of your information as described in this policy. You may withdraw your consent at any time by contacting us at privacy@tangotreelabs.com.

If you do not agree with any part of this Privacy Policy or our Terms of Use, please do not use any of the Services.

Important Health and Wellness Notice

DrSoma is an educational, coaching-style wellness program and is not a medical device, medical treatment, or a substitute for professional medical advice, diagnosis, or treatment. The Services are intended to provide users with tools and education related to the mind-body connection, chronic pain management, and nervous system regulation.

Your use of DrSoma, or your identification as a DrSoma user, may imply that you experience one or more symptoms that DrSoma is designed to address, including chronic pain or stress-related conditions. If you wish to avoid that implication, do not use the Services.

Information you provide within the Services—including journal entries, pain assessments, and wellness responses—may constitute sensitive personal information related to your health and well-being. We treat all such data with the highest level of care and security as described in this policy.

If you do not want information about your health conditions or other sensitive information to be used or disclosed as described in this Privacy Policy, do not provide such information or do not use the Services.

1. Information We Collect and How We Collect It

A. Information You Provide to Us

When you interact with the Services, we may ask you to provide (or you may choose to provide) the following personal information:

• Account Information: Your name and email address when you register for the Services.
• Health and Wellness Information: Information about your pain symptoms, stress levels, emotional states, and other health-related data that you voluntarily provide through the app's features, including pain assessments, questionnaires, and self-reported data.
• Journal Entries and Personal Content: Any content you create within the Services, including journal entries, reflections, and responses during guided exercises and conversational sessions.
• Subscription and Transaction Information: If you purchase a subscription, we do not directly collect your payment data. Instead, we use third-party payment providers (Apple App Store, Google Play Store) to process payments, and your interaction with those providers is governed by their respective privacy policies.
• Communications: Any information you provide when you contact us for support or feedback.

B. Information Collected Through AI-Powered Features

DrSoma uses artificial intelligence technology (including large language models) to power certain features such as conversational journaling, flareup manager and personalised coaching. When you interact with these AI-powered features:

• Your inputs (such as journal entries, responses, and conversational messages) are processed to generate personalised responses and guidance.
• We may retain conversation summaries and session data to improve the continuity of your experience across sessions.
• AI-generated content, including prompts and responses, may be reviewed internally for quality assurance, safety monitoring, and service improvement. Such reviews are conducted by authorised personnel only and are subject to strict confidentiality obligations.
• We do not use your personal journal content or health information to train general-purpose AI models.
• AI-generated responses are for educational and wellness purposes only and do not constitute medical advice.

C. Automatically Collected Information

When you use the Services, we collect certain information automatically, including:

• Device Information: Your device's unique identifier, operating system, device model, and browser type.
• Usage Data: Information about your interactions with the Services, including features used, session duration, pages viewed, and navigation patterns.
• Log Data: In the event of errors, we collect log data including your device's IP address, device name, operating system version, app configuration, and the time and date of your use.
• Analytics Data: Anonymised and aggregated data about app usage patterns collected through analytics tools.

We do not collect information about your activities over time and across third-party websites, apps, or other online services.

D. Cookies and Similar Technologies

Our website may use cookies and similar tracking technologies. Cookies are small data files stored on your device.

• Session Cookies: These expire when you close your browser and carry information during a single visit.
• Persistent Cookies: These remain on your device until deleted and help us recognise returning users.

The mobile application does not use cookies explicitly. However, third-party services integrated within the app may use cookies or similar technologies to collect information and improve their services. You can manage cookie preferences through your browser or device settings. Refusing cookies may limit certain functionality.

2. Third-Party Services

The Services integrate with the following third-party services that may collect information used to identify you. Each service is governed by its own privacy policy:

• Google Play Services
• Apple App Store
• Firebase Analytics
• Firebase Crashlytics
• Google Cloud Platform

We may also use third-party AI service providers (such as Google Gemini and OpenAI) to power certain AI features within the Services. When your data is processed by these providers:

• Data is transmitted securely and used solely to generate responses for the Services.
• We have data processing agreements in place with these providers that restrict how your data may be used.
• We do not permit these providers to use your personal data for their own training or commercial purposes beyond providing the Services.

We do not control the privacy practices of third-party sites accessible through links within the Services. We strongly advise you to review the privacy policies of any third-party websites you visit.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Services, including personalised wellness content and AI-powered features.
• Create and manage your account and subscriptions.
• Communicate with you regarding the Services, including account notifications, updates, and support responses.
• Personalise your experience based on your usage patterns, progress, and preferences.
• Generate session summaries and continuity data to improve the quality of AI-powered interactions.
• Conduct internal quality assurance and safety reviews of AI-generated content.
• Analyse usage patterns and trends in an anonymised and aggregated manner to improve the Services.
• Identify and resolve technical issues, bugs, and errors.
• Maintain the safety, security, and integrity of the Services.
• Comply with applicable laws, regulations, and legal processes.
• Enforce our Terms of Use and protect our rights and the rights of our users.

We do not use your personal content—including journal entries, health data, and conversational inputs—for advertising, marketing to third parties, or sale to any party.

4. Disclosure of Your Information

We disclose aggregated, anonymised information that does not identify any individual without restriction.

We may disclose your personal information in the following circumstances:

• Service Providers: To agents, contractors, and third-party service providers who support the operation of the Services, including cloud hosting providers (Google Cloud Platform/Firebase), analytics providers, AI processing providers, customer support tools, and payment processors. These providers are contractually obligated to keep your information confidential and use it only for the purposes of providing services to us.
• Business Transfers: To a buyer or successor in the event of a merger, acquisition, divestiture, restructuring, dissolution, or other sale or transfer of some or all of our assets, where personal information held by us is among the assets transferred. We will notify you of any such change.
• Legal Requirements: To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• Rights Protection: If we believe disclosure is necessary to protect the rights, property, or safety of you, Tango Tree Labs, our users, or others. This includes exchanging information for fraud protection and credit risk reduction, and contacting emergency services on your behalf if we reasonably believe there is a risk of imminent harm.
• With Your Consent: For any other purpose disclosed to you at the time of collection or for which you provide explicit consent.

We do not sell your personal information to third parties. We do not share your personal health or wellness data with advertisers.

5. Data Storage, Security, and Retention

Storage and Security

Your personal data, including journal entries, health information, and session data, is stored using industry-standard encryption both in transit and at rest. We employ administrative, physical, and technical safeguards designed to protect your personal information from accidental loss and unauthorised access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of the Services, you are responsible for keeping it confidential.

We will make all legally required disclosures of any data breach related to your personal information.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. If you request deletion of your account, we will delete your personal data within thirty (30) days of such request, except where retention is required by law or for legitimate business purposes such as resolving disputes, enforcing agreements, or complying with legal obligations.

After deletion, fragments of data that were once associated with you may remain in backup systems for a limited period but will no longer be associated with your identity.

6. User Content and Ownership

Any content you create within the Services—including journal entries, reflections, self-assessments, and responses during guided exercises—remains your property. We do not claim ownership of your personal content.

We do not read, analyse, or share your personal content with third parties for marketing, advertising, or commercial purposes. Your content is processed by our AI systems solely for the purpose of providing you with personalised guidance within the Services, and by authorised personnel for safety and quality assurance purposes.

7. Your Privacy Rights

A. General Rights (All Users)

Regardless of your location, you have the following rights:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request correction of inaccurate or incomplete personal information.
• Deletion: You may request deletion of your personal information and account.
• Opt-Out of Communications: You may opt out of promotional emails by clicking the unsubscribe link or contacting us.
• Withdraw Consent: You may withdraw consent to our processing of your personal information at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.

To exercise any of these rights, contact us at privacy@tangotreelabs.com. We will respond within thirty (30) days.

B. Rights for EU/UK Residents (GDPR / UK-GDPR)

If you are a resident of the European Union or the United Kingdom, you have additional rights under the GDPR and UK-GDPR:

• Right to access.
• Right to rectification.
• Right to erasure under certain conditions.
• Right to restrict processing.
• Right to data portability.
• Right to object.

Our legal basis for processing your personal data is the performance of our contract with you (our Terms of Use) and, where applicable, your explicit consent.

C. Rights for California Residents (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

• The right to know what personal information is collected, used, and disclosed.
• The right to request deletion of your personal information.
• The right to opt out of the sale of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.

D. Rights for Indian Residents (DPDPA)

If you are a resident of India, you have certain rights under the Digital Personal Data Protection Act, 2023 (DPDPA), including:

• The right to access information about your personal data being processed.
• The right to correction and erasure of your personal data.
• The right to grievance redressal.
• The right to nominate another individual to exercise your rights in case of death or incapacity.

To exercise your rights, contact our Grievance Officer at the details provided in the Contact section below.

8. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

By using the Services, you consent to the transfer of your information to USA (our app backend is hosted in USA) and other jurisdictions where our service providers operate, for storage and processing in compliance with this policy. We ensure that appropriate safeguards are in place for all international data transfers, including standard contractual clauses where required.

9. Analytics and Crash Reporting

We use Firebase Analytics and Firebase Crashlytics to help us understand how users interact with the Services and to identify and resolve technical issues. These tools collect anonymised data about app usage patterns and crash reports. This data is used solely for improving the performance, stability, and quality of the Services.

You may opt out of analytics collection through the app settings where such an option is available.

10. Push Notifications and Emails

We may send you push notifications and emails to provide reminders, motivational messages, programme updates, and other relevant communications. You can opt out of receiving push notifications and emails at any time through your device settings and email settings.

11. Children's Privacy

The Services are not designed or intended for children under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If you are under 18, you may not create an account or use the Services.

If we learn that we have collected personal information from a child under 18, we will delete that user's account and associated data promptly. If you believe we may have collected information from or about a child under 18, please contact us immediately at privacy@tangotreelabs.com.

12. Links to Other Sites

The Services may contain links to third-party websites and services that are not operated by us. If you click on a third-party link, you will be directed to that party's site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email, post a notice within the app or on our website, and update the "Last Updated" date at the top of this page.

Your continued use of the Services after a revised Privacy Policy is posted constitutes your acceptance of the changes. We encourage you to review this page periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

For requests related to your privacy rights, data access, correction, or deletion, please email privacy@tangotreelabs.com with the subject line "Privacy Rights Request."